| blob | 5901d41a888af67e60779bc705e1cc6c17ade98c |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sw=4 et tw=78:
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is Mozilla Communicator client code, released
18 * March 31, 1998.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1998
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either of the GNU General Public License Version 2 or later (the "GPL"),
29 * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
41 /*
42 * JS function support.
43 */
45 #include <string.h>
69 #if JS_HAS_GENERATORS
71 #endif
73 /* Generic function/call/arguments tinyids -- also reflected bit numbers. */
81 };
83 #if JSFRAME_OVERRIDE_BITS < 8
85 #endif
87 #define TEST_OVERRIDE_BIT(fp, tinyid) \
88 ((fp)->flags & JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1)))
90 #define SET_OVERRIDE_BIT(fp, tinyid) \
91 ((fp)->flags |= JS_BIT(JSFRAME_OVERRIDE_SHIFT - ((tinyid) + 1)))
93 JSBool
95 {
103 vp);
104 }
110 }
112 static JSBool
114 {
136 }
143 }
144 }
149 }
151 }
153 /* NB: Infallible predicate, false does not mean error/exception. */
154 static JSBool
156 {
170 }
172 }
174 JSBool
176 {
177 jsval val;
179 uintN slot;
188 }
195 }
197 }
207 /*
208 * Per ECMA-262 Ed. 3, 10.1.8, last bulleted item, do not share
209 * storage between the formal parameter and arguments[k] for all
210 * fp->argc <= k && k < fp->fun->nargs. For example, in
211 *
212 * function f(x) { x = 42; return arguments[0]; }
213 * f();
214 *
215 * the call to f should return undefined, not 42. If fp->argsobj
216 * is null at this point, as it would be in the example, return
217 * undefined in *vp.
218 */
221 }
227 }
228 }
230 }
232 JSObject *
234 {
237 /*
238 * We must be in a function activation; the function must be lightweight
239 * or else fp must have a variable object.
240 */
243 /* Skip eval and debugger frames. */
247 /* Create an arguments object for fp only if it lacks one. */
252 /* Link the new object to fp so it can get actual argument values. */
257 }
259 /*
260 * Give arguments an intrinsic scope chain link to fp's global object.
261 * Since the arguments object lacks a prototype because js_ArgumentsClass
262 * is not initialized, js_NewObject won't assign a default parent to it.
263 *
264 * Therefore if arguments is used as the head of an eval scope chain (via
265 * a direct or indirect call to eval(program, arguments)), any reference
266 * to a standard class object in the program will fail to resolve due to
267 * js_GetClassPrototype not being able to find a global object containing
268 * the standard prototype by starting from arguments and following parent.
269 */
276 }
278 static JSBool
281 JSBool
283 {
286 JSBool ok;
289 /*
290 * Reuse args_enumerate here to reflect fp's actual arguments as indexed
291 * elements of argsobj. Do this first, before clearing and freeing the
292 * deleted argument slot bitmap, because args_enumerate depends on that.
293 */
297 /*
298 * Now clear the deleted argument number bitmap slot and free the bitmap,
299 * if one was actually created due to 'delete arguments[0]' or similar.
300 */
306 }
308 /*
309 * Now get the prototype properties so we snapshot fp->fun and fp->argc
310 * before fp goes away.
311 */
322 /*
323 * Clear the private pointer to fp, which is about to go away (js_Invoke).
324 * Do this last because the args_enumerate and js_GetProperty calls above
325 * need to follow the private slot to find fp.
326 */
330 }
332 static JSBool
334 {
335 jsint slot;
357 }
359 }
361 static JSBool
363 {
364 jsint slot;
391 }
393 }
395 static JSBool
397 {
399 jsint slot;
421 }
423 }
425 }
427 static JSBool
430 {
432 uintN slot;
435 intN tinyid;
436 jsval value;
448 /* XXX ECMA specs DontEnum, contrary to other array-like objects */
454 }
456 }
471 /* Quell GCC overwarnings. */
474 }
475 }
482 }
484 }
485 }
488 }
490 static JSBool
492 {
504 /*
505 * Trigger reflection with value snapshot in args_resolve using a series
506 * of js_LookupProperty calls. We handle length, callee, and the indexed
507 * argument properties. We know that args_resolve covers all these cases
508 * and creates direct properties of obj, but that it may fail to resolve
509 * length or callee if overridden.
510 */
515 }
523 }
533 }
535 }
537 #if JS_HAS_GENERATORS
538 /*
539 * If a generator-iterator's arguments or call object escapes, it needs to
540 * mark its generator object.
541 */
542 static void
544 {
551 }
552 }
553 #else
554 # define args_or_call_trace NULL
555 #endif
557 /*
558 * The Arguments class is not initialized via JS_InitClass, and must not be,
559 * because its name is "Object". Per ECMA, that causes instances of it to
560 * delegate to the object named by Object.prototype. It also ensures that
561 * arguments.toString() returns "[object Object]".
562 *
563 * The JSClass functions below collaborate to lazily reflect and synchronize
564 * actual argument values, argument count, and callee function object stored
565 * in a JSStackFrame with their corresponding property values in the frame's
566 * arguments object.
567 */
568 JSClass js_ArgumentsClass = {
569 js_Object_str,
580 };
582 JSObject *
584 {
587 /* Create a call object for fp only if it lacks one. */
594 /* The default call parent is its function's parent (static link). */
599 }
601 /* Create the call object and link it to its stack frame. */
606 }
609 /* Make callobj be the scope chain and the variables object. */
614 }
616 static JSBool
619 JSBool
621 {
623 JSBool ok;
624 jsid argsid;
625 jsval aval;
627 /*
628 * Reuse call_enumerate here to reflect all actual args and vars into the
629 * call object from fp.
630 */
636 /*
637 * Get the arguments object to snapshot fp's actual argument values.
638 */
644 }
646 }
648 /*
649 * Clear the private pointer to fp, which is about to go away (js_Invoke).
650 * Do this last because the call_enumerate and js_GetProperty calls above
651 * need to follow the private slot to find fp.
652 */
656 }
658 static JSBool
660 {
662 jsint slot;
679 }
686 }
688 }
690 static JSBool
692 {
694 jsint slot;
713 }
715 }
717 JSBool
719 {
725 /* XXX no jsint slot commoning here to avoid MSVC1.52 crashes */
728 }
730 }
732 JSBool
734 {
740 /* XXX jsint slot is block-local here to avoid MSVC1.52 crashes */
744 }
746 }
748 static JSBool
750 {
755 JSPropertyOp getter;
757 jsid id;
764 /*
765 * Do not enumerate a cloned function object at fp->callee, it may have
766 * gained its own (mutable) scope (e.g., a brutally-shared XUL script sets
767 * the clone's prototype property). We must enumerate the function object
768 * that was decorated with parameter and local variable properties by the
769 * compiler when the compiler created fp->fun, namely fp->fun->object.
770 *
771 * Contrast with call_resolve, where we prefer fp->callee, because we'll
772 * use js_LookupProperty to find any overridden properties in that object,
773 * if it was a mutated clone; and if not, we will search its prototype,
774 * fp->fun->object, to find compiler-created params and locals.
775 */
780 /*
781 * Reflect actual args from fp->argv for formal parameters, and local vars
782 * and functions in fp->vars for declared variables and nested-at-top-level
783 * local functions.
784 */
792 else
795 /* Trigger reflection by looking up the unhidden atom for sprop->id. */
800 /*
801 * If we found the property in a different object, don't try sticking
802 * it into wrong slots vector. This can occur because we have a mutable
803 * __proto__ slot, and cloned function objects rely on their __proto__
804 * to delegate to the object that contains the var and arg properties.
805 */
810 }
814 }
817 }
819 static JSBool
822 {
833 intN shortid;
859 }
867 /* Ensure we found an arg or var property for the same function. */
881 }
890 }
895 }
897 }
899 }
902 /*
903 * Resolve arguments so that we never store a particular Call object's
904 * arguments object reference in a Call prototype's |arguments| slot.
905 */
912 NULL)) {
914 }
917 }
918 }
920 }
922 static JSBool
924 {
932 }
933 }
935 }
937 JSClass js_CallClass = {
938 js_Call_str,
949 };
951 /*
952 * ECMA-262 specifies that length is a property of function object instances,
953 * but we can avoid that space cost by delegating to a prototype property that
954 * is JSPROP_PERMANENT and JSPROP_SHARED. Each fun_getProperty call computes
955 * a fresh length value based on the arity of the individual function object's
956 * private data.
957 *
958 * The extensions below other than length, i.e., the ones not in ECMA-262,
959 * are neither JSPROP_READONLY nor JSPROP_SHARED, because for compatibility
960 * with ECMA we must allow a delegating object to override them. Therefore to
961 * avoid entraining garbage in Function.prototype slots, they must be resolved
962 * in non-prototype function objects, wherefore the lazy_function_props table
963 * and fun_resolve's use of it.
964 */
965 #define LENGTH_PROP_ATTRS (JSPROP_READONLY|JSPROP_PERMANENT|JSPROP_SHARED)
970 };
973 uint16 atomOffset;
974 int8 tinyid;
975 uint8 attrs;
978 /* NB: no sentinel at the end -- use JS_ARRAY_LENGTH to bound loops. */
984 };
986 static JSBool
988 {
989 jsint slot;
997 /*
998 * Loop because getter and setter can be delegated from another class,
999 * but loop only for ARGS_LENGTH because we must pretend that f.length
1000 * is in each function instance f, per ECMA-262, instead of only in the
1001 * Function.prototype object (we use JSPROP_PERMANENT with JSPROP_SHARED
1002 * to make it appear so).
1003 *
1004 * This code couples tightly to the attributes for the function_props[]
1005 * initializers above, and to js_SetProperty and js_HasOwnPropertyHelper.
1006 *
1007 * It's important to allow delegating objects, even though they inherit
1008 * this getter (fun_getProperty), to override arguments, arity, caller,
1009 * and name. If we didn't return early for slot != ARGS_LENGTH, we would
1010 * clobber *vp with the native property value, instead of letting script
1011 * override that value in delegating objects.
1012 *
1013 * Note how that clobbering is what simulates JSPROP_READONLY for all of
1014 * the non-standard properties when the directly addressed object (obj)
1015 * is a function object (i.e., when this loop does not iterate).
1016 */
1024 }
1026 /* Find fun's top-most activation record. */
1030 }
1034 /* Warn if strict about f.arguments or equivalent unqualified uses. */
1038 JSMSG_DEPRECATED_USAGE,
1039 js_arguments_str)) {
1041 }
1047 }
1066 else
1072 }
1076 /* XXX fun[0] and fun.arguments[0] are equivalent. */
1080 }
1083 }
1085 static JSBool
1087 {
1088 jsid prototypeId;
1098 }
1100 static JSBool
1103 {
1106 uintN i;
1111 /* No valid function object should lack private data. */
1115 /*
1116 * Check for a hidden formal parameter or local variable binding in the
1117 * clone-parent of obj, which would be a different, non-null fun->object.
1118 */
1130 }
1135 }
1136 }
1138 }
1140 /*
1141 * No need to reflect fun.prototype in 'fun.prototype = ...'. This test
1142 * must come after the JSRESOLVE_HIDDEN test, since call_resolve may look
1143 * for a hidden function object property from an assignment bytecode.
1144 */
1148 /*
1149 * Ok, check whether id is 'prototype' and bootstrap the function object's
1150 * prototype property.
1151 */
1155 jsval pval;
1162 /*
1163 * Clone of a function where the clone and the object owning fun
1164 * appear to be in the same trust domain: make the cloned function
1165 * object's 'prototype' property value have the same class as the
1166 * clone-parent's 'prototype' value.
1167 */
1171 /*
1172 * We are about to allocate a new object, so hack the newborn
1173 * root until then to protect pval in case it is figuratively
1174 * up in the air, with no strong refs protecting it.
1175 */
1179 }
1180 }
1182 /*
1183 * Beware of the wacky case of a user function named Object -- trying
1184 * to find a prototype for that will recur back here _ad perniciem_.
1185 */
1189 /*
1190 * If resolving "prototype" in a clone, clone the parent's prototype.
1191 * Pass the constructor's (obj's) parent as the prototype parent, to
1192 * avoid defaulting to parentProto.constructor.__parent__.
1193 */
1199 /*
1200 * ECMA (15.3.5.2) says that constructor.prototype is DontDelete for
1201 * user-defined functions, but DontEnum | ReadOnly | DontDelete for
1202 * native "system" constructors such as Object or Function. So lazily
1203 * set the former here in fun_resolve, but eagerly define the latter
1204 * in JS_InitClass, with the right attributes.
1205 */
1210 }
1213 }
1224 NULL)) {
1226 }
1229 }
1230 }
1233 }
1235 static JSBool
1237 {
1244 }
1245 }
1247 #if JS_HAS_XDR
1255 };
1257 /* XXX store parent and proto, if defined */
1258 static JSBool
1260 {
1264 JSTempValueRooter tvr;
1271 uint32 type;
1272 JSBool ok;
1273 #ifdef DEBUG
1275 #endif
1279 /*
1280 * No valid function object should lack private data, but fail soft
1281 * (return true, no error report) in case one does due to API pilot
1282 * or internal error.
1283 */
1289 JSMSG_NOT_SCRIPTED_FUNCTION,
1292 }
1300 }
1302 /* From here on, control flow must flow through label out. */
1316 }
1318 /* Assert that all previous writes of extraUnused were writes of 0. */
1321 /* do arguments and local vars */
1339 }
1340 }
1350 }
1351 }
1356 ? JSXDR_FUNARG
1358 ? JSXDR_FUNCONST
1362 /*
1363 * sprop->id here represents hidden names so we unhide it and
1364 * encode as an atom. During decoding we read the atom and use
1365 * js_AddHiddenProperty to reconstruct sprop with the hidden
1366 * id.
1367 */
1375 }
1376 }
1389 }
1405 }
1407 /* Flag duplicate argument if atom is bound in fun->object. */
1410 ? SPROP_IS_DUPLICATE
1420 }
1421 }
1422 }
1423 }
1433 }
1435 out:
1439 bad:
1442 }
1446 #define fun_xdrObject NULL
1450 /*
1451 * [[HasInstance]] internal method for Function objects: fetch the .prototype
1452 * property of its 'this' parameter, and walks the prototype chain of v (only
1453 * if v is an object) returning true if .prototype is found.
1454 */
1455 static JSBool
1457 {
1458 jsval pval;
1465 }
1468 /*
1469 * Throw a runtime error if instanceof is called on a function that
1470 * has a non-object as its .prototype value.
1471 */
1475 }
1478 }
1480 static void
1482 {
1494 }
1495 }
1497 static uint32
1499 {
1507 }
1509 /*
1510 * Reserve two slots in all function objects for XPConnect. Note that this
1511 * does not bloat every instance, only those on which reserved slots are set,
1512 * and those on which ad-hoc properties are defined.
1513 */
1515 js_Function_str,
1526 };
1528 static JSBool
1530 {
1531 jsval fval;
1538 /*
1539 * If we don't have a function to start off with, try converting the
1540 * object to a function. If that doesn't work, complain.
1541 */
1547 }
1549 }
1552 JSMSG_INCOMPATIBLE_PROTO,
1556 }
1557 }
1572 }
1574 static JSBool
1576 {
1578 }
1580 #if JS_HAS_TOSOURCE
1581 static JSBool
1583 {
1585 }
1586 #endif
1590 static JSBool
1592 {
1597 uintN i;
1599 JSBool ok;
1613 JSMSG_INCOMPATIBLE_PROTO,
1615 bytes);
1616 }
1617 }
1619 }
1623 /* Call fun with its global object as the 'this' param if no args. */
1626 /* Otherwise convert the first arg to 'this' and skip over it. */
1631 argc--;
1632 argv++;
1633 }
1635 /* Allocate stack space for fval, obj, and the args. */
1640 /* Push fval, obj, and the args. */
1646 /* Lift current frame to include the args and do the call. */
1652 ? JSINVOKE_INTERNAL
1655 /* Store rval and pop stack back to our frame's sp. */
1660 }
1662 static JSBool
1664 {
1668 jsuint length;
1671 uintN i;
1675 /* Will get globalObject as 'this' and no other arguments. */
1677 }
1691 JSMSG_INCOMPATIBLE_PROTO,
1693 bytes);
1694 }
1695 }
1697 }
1699 /* Quell GCC overwarnings. */
1704 /* If the 2nd arg is null or void, call the function with 0 args. */
1708 /* The second arg must be an array (or arguments object). */
1714 }
1719 }
1720 }
1721 }
1723 /* Convert the first arg to 'this' and skip over it. */
1729 /* Allocate stack space for fval, obj, and the args. */
1735 /* Push fval, obj, and aobj's elements as args. */
1742 sp++;
1743 }
1745 /* Lift current frame to include the args and do the call. */
1751 ? JSINVOKE_INTERNAL
1754 /* Store rval and pop stack back to our frame's sp. */
1757 out:
1760 }
1762 #ifdef NARCISSUS
1763 static JSBool
1765 {
1771 JSBool ok;
1780 }
1799 sp++;
1800 }
1808 out:
1811 }
1812 #endif
1815 #if JS_HAS_TOSOURCE
1817 #endif
1821 #ifdef NARCISSUS
1823 #endif
1824 JS_FS_END
1825 };
1827 static JSBool
1829 {
1845 JSTokenType tt;
1846 JSBool ok;
1854 }
1859 /*
1860 * NB: (new Function) is not lexically closed by its caller, it's just an
1861 * anonymous function in the top-level scope that its constructor inhabits.
1862 * Thus 'var x = 42; f = new Function("return x"); print(f())' prints 42,
1863 * and so would a call to f from another top-level's script or function.
1864 *
1865 * In older versions, before call objects, a new Function was adopted by
1866 * its running context's globalObject, which might be different from the
1867 * top-level reachable from scopeChain (in HTML frames, e.g.).
1868 */
1877 /*
1878 * Function is static and not called directly by other functions in this
1879 * file, therefore it is callable only as a native function by js_Invoke.
1880 * Find the scripted caller, possibly skipping other native frames such as
1881 * are built for Function.prototype.call or .apply activations that invoke
1882 * Function indirectly from a script.
1883 */
1894 }
1896 /* Belt-and-braces: check that the caller has access to parent. */
1900 }
1904 /*
1905 * Collect the function-argument arguments into one string, separated
1906 * by commas, then make a tokenstream from that string, and scan it to
1907 * get the arguments. We need to throw the full scanner at the
1908 * problem, because the argument string can legitimately contain
1909 * comments and linefeeds. XXX It might be better to concatenate
1910 * everything up into a function definition and pass it to the
1911 * compiler, but doing it this way is less of a delta from the old
1912 * code. See ECMA 15.3.2.1.
1913 */
1916 /* Collect the lengths for all the function-argument arguments. */
1922 /*
1923 * Check for overflow. The < test works because the maximum
1924 * JSString length fits in 2 fewer bits than size_t has.
1925 */
1931 }
1932 }
1934 /* Add 1 for each joining comma and check for overflow (two ways). */
1941 }
1943 /*
1944 * Allocate a string to hold the concatenated arguments, including room
1945 * for a terminating 0. Mark cx->tempPool for later release, to free
1946 * collected_args and its tokenstream in one swoop.
1947 */
1954 }
1957 /*
1958 * Concatenate the arguments into the new string, separated by commas.
1959 */
1966 /* Add separating comma or terminating 0. */
1968 }
1970 /*
1971 * Make a tokenstream (allocated from cx->tempPool) that reads from
1972 * the given string.
1973 */
1979 }
1981 /* The argument string may be empty or contain no tokens. */
1985 /*
1986 * Check that it's a name. This also implicitly guards against
1987 * TOK_ERROR, which was already reported.
1988 */
1992 /*
1993 * Get the atom corresponding to the name from the tokenstream;
1994 * we're assured at this point that it's a valid identifier.
1995 */
2000 }
2008 /*
2009 * A duplicate parameter name. We force a duplicate
2010 * node on the SCOPE_LAST_PROP(scope) list with the
2011 * same id, distinguished by the SPROP_IS_DUPLICATE
2012 * flag, and not mapped by an entry in scope.
2013 */
2017 JSREPORT_TS |
2018 JSREPORT_WARNING |
2019 JSREPORT_STRICT,
2020 JSMSG_DUPLICATE_FORMAL,
2021 name);
2024 }
2029 }
2032 SPROP_INVALID_SLOT,
2037 }
2040 JSMSG_TOO_MANY_FUN_ARGS);
2042 }
2045 /*
2046 * Get the next token. Stop on end of stream. Otherwise
2047 * insist on a comma, get another name, and iterate.
2048 */
2055 }
2056 }
2058 /* Clean up. */
2063 }
2072 }
2082 }
2086 bad_formal:
2087 /*
2088 * Report "malformed formal parameter" iff no illegal char or similar
2089 * scanner error was already reported.
2090 */
2094 bad:
2095 /*
2096 * Clean up the arguments string and tokenstream if we failed to parse
2097 * the arguments.
2098 */
2102 }
2104 JSObject *
2106 {
2129 bad:
2132 }
2134 JSObject *
2136 {
2144 /*
2145 * Null Call.prototype's proto slot so that Object.prototype.* does not
2146 * pollute the scope of heavyweight functions.
2147 */
2150 }
2152 JSFunction *
2155 {
2157 JSTempValueRooter tvr;
2159 /* If funobj is null, allocate an object for it. */
2166 }
2168 /* Protect fun from any potential GC callback. */
2171 /*
2172 * Allocate fun after allocating funobj so allocations in js_NewObject
2173 * and hooks called from it do not wipe out fun from newborn[GCX_FUNCTION].
2174 */
2179 /* Initialize all function members. */
2189 /* Link fun to funobj and vice versa. */
2193 }
2195 out:
2198 }
2200 void
2202 {
2205 /*
2206 * Null-check of i.script is required since the parser sets interpreted
2207 * very early.
2208 */
2213 }
2214 }
2216 JSObject *
2218 {
2230 }
2232 }
2234 JSBool
2236 {
2240 }
2242 JSFunction *
2245 {
2256 }
2258 }
2260 #if (JSV2F_CONSTRUCT & JSV2F_SEARCH_STACK)
2262 #endif
2264 JSFunction *
2266 {
2267 jsval v;
2278 }
2279 }
2283 }
2285 }
2287 JSObject *
2289 {
2308 /* No scripted caller, don't allow access. */
2310 }
2313 fun->atom
2317 }
2319 }
2321 JSObject *
2323 {
2334 }
2336 }
2338 void
2340 {
2342 uintN error;
2359 }
2367 ? JSDVG_SEARCH_STACK
2371 }